"Aside from an awesome user interface and a great underlying architecture, Apple built OS X with security in mind. As part of that central security theme, OS X has been designed using three key isolation features: system isolation, user isolation, and memory and application isolation."

User/... (the user has permissions to see / modify files in his account)
Library/... (all users can see but only the admin can modify files)
System/... (all users can see but only root can modify files)

o.k. there is one more

(Network/...)

When you need to update files in System/ (via SW Update or a Package Install) you enter the admin password and Mac OS X will do something like a su (note that root is disabled by default) to allow the admin to change things in System/...